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(57) Abstract: Apparatus consisting of a single executable object, or multiple objects acting together, that contain multimedia or 
similar content and an associated player that acts to control access to the said content. The single executable object may be provided 
^ as a scries of smaller blocks, the order of which may have been shuffled, and reconstructed using a key supplied by the content 
provider. The single executable object may also contain various key series in order to further control access to the content where ele- 
Q ments of these keys may also be derived from identifying features provided by the user or the user's hardware or software. Keys thus 
derived from locally identified features may be incorporated within the single executable object as it is reconstructed thus ensuring 
that the content may only be viewed or be copied as intended by the content provider. 
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METHOD AND APPARATUS FOR CONTROLLING ACCESS 
TO MULTIMEDIA FILES 
DESIGN AND IMPLEMENTATION 

The present invention relates to a method and 
apparatus for enabling and disabling access to various 
multimedia content. 

Where it is desired to send multimedia files that 
are stored in electronic format to another user it is 
possible that the originator may wish to protect the 
content from unauthorised use or from usage outside the 
conditions agreed as part of the subscription. Examples 
might be restricting access to specific locations, 
specific time periods or a specific number of accesses. 

It is common for such multimedia files to be 
supplied in a format that can be accessed by using a 
player that has the capability to display content that is 
coded in a specific format. It is generally possible to 
copy the original file and transfer it to an alternative 
location that also has access to a similar player and 
therefore have equal access to the same content. 

It is commonplace for the originators of such 
content to encrypt these files so the content cannot be 
accessed by the player until it has been decrypted using 
a key. The provision of the key may be restricted by the 
originator to control access to the content. Once a 
valid key has been provided the decoded content may then 
be accessed by the player. It may also be copied many 
times and be distributed further once it is removed from 
its encrypted state. Thus further distribution of the 
content can no longer be controlled and may result in a 
significant loss of revenue for the content originator. 

The present invention describes apparatus and a 
method for facilitating the supply of such multimedia 
content in a form that allows the originator to maintain 
control over access to the content. This is particularly 
beneficial where the multimedia content is provided on a 
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subscription basis or is being provided for a restricted 
period of time. 

Examples of the use of such a system are as follows: 

a. provision of a video such as a movie where the 
5 subscription is made on a rental basis for a 

fixed period or on a pay-per-view basis; 

b. provision of music where playback is restricted 
to a single playback machine; 

c. provision of documentation such as an 
10 examination paper where access is not permitted 

before a fixed time; 

d. provision of a price list document where prices 
are only current for a specified period of 
time; and 

15 e. provision of training material where training 

is provided for a fixed location for a fixed 
period of time only. 
In accordance with the present invention, we provide 
apparatus for encrypting and playing multimedia files, as 
20 follows: 

a. selecting the multimedia content; 

b. selecting the appropriate multimedia player; 

c. collecting appropriate key data from the user; 

d. selecting the appropriate key parameters; 

25 e. processing the content, player, key control and 

key parameters together; 

f. incorporating the resulting data into a single 
executable object; 

g. providing the single executable object to the 
30 user; 

h. checking that current key data matches the 
stored key parameters; 

i. decrypting the multimedia content on an 
incremental basis; 

35 j . playing the multimedia content on an 

incremental basis ; 
k. communicating with the multimedia content 
originator by encrypted means; and 
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1. updating the key parameters maintained within 

the executable object. 
Also, in accordance with the present invention, we 
provide a method for : 
5 a. selecting the multimedia content; 

b. selecting the multimedia player ; 

c. determining certain key parameters from the 
user; 

d. processing the content, player, access control 
10 and key parameters together into a single 

executable object; 

e. providing this single executable object to the 
user; 

f. executing the single object; 

g. checking the key parameters previously agreed 
with the user; 

h. playing the multimedia content directly from 
the executable object; 

i- further checking the key parameters previously 

agreed with the user; 
j - disabling the operation of the executable 

object where such parameters do not match; 
k. communicating with the originator of the 
multimedia content ; 
25 1 - exchanging encrypted information with the 

originator of the multimedia content; and 
m. updating the key parameters stored within the 

executable object. 
Examples of the present invention will now be 
described with reference to the accompanying drawing, in 
which: - 

Figure 1 is a schematic diagram of apparatus 
assembled according to the current invention. 
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The executable object 

The executable object is a single entity designed to 
execute within the users end-terminal. 
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The executable object may exist as a single file or 
may be distributed between several files. It may operate 
in conjunction or be integrated with other apparatus. 
Examples might be as software loaded onto a computer or 
5 as a component within an appliance, such as a television 
set or audio playback system. 

The executable object will be created by processing 
together the multimedia content, the appropriate 
multimedia player, the access control and the key 
10 parameters. 

The key parameters will be compiled by the content 
originator from information supplied by the user, either 
manually or by an automated process. These key 

parameters will be embedded as part of the executable 
15 object. The executable object will also contain 

encryption keys that are agreed with the content 
originator . 

The executable object is supplied to the user as a 
single entity rather than separate multimedia content and 

20 player. The practical restrictions on distribution of 
the executable object may necessitate that it is supplied 
in a number of smaller parts although it will be 
necessary for these parts to be re-assembled for it to 
function as a whole. 

25 When the executable object is activated by the user 

it will first check that the key parameters stored within 
the object can be validated by comparing them with the 
appropriate parameters at the users end-station. These 
parameters may be related to any aspect of the users 

30 situation that may be appropriate to the authorisation 
for access to the multimedia content. These parameters 
may include for example, the user's password, the end- 
station serial number, the operating system registration 
number, the data or time, codes provided by the content 

35 originator and the like. 

Subject to the key parameters being validated the 
executable object will directly decrypt and play the 
content on an incremental basis through the end-terminal. 
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The decryption process will take place within the 
executable object and does not result in the direct 
availability of decrypted content to the user other than 
as is necessarily displayed by the embedded player. 
5 Where the key parameters are not met the executable 

object will not proceed with decryption of the content 
and playback. The executable object may request that the 
user re-validates the registration with the originator of 
the multimedia content. This transaction with the 

10 content originator may be performed manually by the user 
entering new access codes. Alternatively the executable 
object may communicate directly with the content provider 
to re-validate the subscription utilising the encryption 
keys previously agreed. 

15 The executable object may contain the facility to 

detect unsuccessful attempts to gain access to the 
content and take steps to erase or otherwise disable it. 

The method 

20 The invention provides a method for creating an 

executable object that is a single entity containing the 
multimedia content with an embedded player. The method 
also embeds an access control feature that contains key 
parameters determined from the user when the provision of 

25 the multimedia content is requested. 

The executable object is then provided to the user 
in a form compatible with the users end-station. 

When the user requires access to multimedia content, 
it is possible for the user to select the appropriate 

30 content from facilities supplied by the content 
originator. 

When the selection and any necessary subscription 
process is completed an appropriate player or viewer is 
automatically provided by the originators system. 
35 The originators system then requests certain 

pertinent information related to the chosen key 
parameters either from the user or directly from the 
user's end-station equipment. This information may 
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include for example, data that uniquely identifies the 
user, the user's end-station or other features related to 
the user's situation such as the end-station operating 
system software registration code or network adapter 

5 identity or the like, or combinations of these. 

The content originator' s system then processes the 
multimedia content, the appropriate player, the access 
control and the key parameters into a single entity known 
as the executable object. This processing may take the 

10 form of a compilation process that would be familiar to 
one skilled in the art of creating computer software. 
This processing may include commonly available techniques 
for encryption and embedding of data with program 
functionality such as, for example, public/private key 

15 encryption, object-oriented programming and the like. 

The resulting executable object may than be provided 
to the user and will only perform the desired function 
provided that the parameters specified by the included 
keys are matched at the time of execution on the user's 

20 end-station. 

The user will gain the following benefits from the 
system: 

• multimedia content can be obtained without 
prior availability of a compatible player or 

25 viewer; 

• subscription and licensing is automatically 
managed; and 

• subscription and licensing renewal is 
automatically managed. 

30 The content originator will gain the following 

benefits from the system: 

• content can be provided to users without regard 
for the availability of a compatible player at 
the user's end-station; 

35 • content can only be copied along with the 

encapsulated access control and key parameters; 
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copied content can only be accessed provided 
the key parameters continue to be correctly 
validated; 

content access will automatically be disabled 
where key parameters have expired; 
access can be restricted to approved machines; 
access can be restricted to approved systems; 
access can be restricted to approved users; 

• access can be restricted to a fixed time 
10 period; and 

• access can be restricted to a maximum number of 
usages; 
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Appendix A 

Each of the major components will now be described 
in brief. 

5 

Executable object 1 

The executable object 1 is a single executable 
entity that encapsulates all multimedia content, player, 
access control and key parameters. The executable object 

10 is individually built for each user and will only 
function to play the content whilst the key parameters 
can be validated. The embedded player will be 

individually selected to match the format of the content 
being included. This may be various types of content 

15 including for example, video, audio, presentations, 
documents, games, books, web pages, magazines, animations 
and the like. 

Embedded player 2 

20 The embedded player 2 is incorporated as an integral 

part of the executable object. It is therefore possible 
for the content encoding to be specifically matched to 
the player. In this way it can be arranged that the 
content is effectively playable only with the individual 

25 instance of player provided and only then in conjunction 
with the access control and key parameters which are also 
incorporated in the same way. The player may be of 
various types to suit the content being displayed. For 
example, a display program for viewing video, a playback 

30 device for listening to audio, a viewer for viewing 
documents, a console for playing games and the like. 

Access control and key parameters 3 

The access control and key parameters 3 are embedded 
35 within the specific multimedia content player. The 
access control module is responsible for checking that 
the embedded key parameters can be appropriately matched 
before the embedded player is allowed to be run. The key 
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parameters are specified by the originators system at the 
time that the executable object is built- The access 
control may allow the user the option to renew the 
subscription. This may be accomplished by the user 
renewing the subscription directly with the originators 
system and the access control then communicating with the 
system to verify the new key parameters, utilising 
encryption over the communication channel as appropriate. 
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CLAIMS 

l.A method of enabling and disabling access to various 
multimedia content whereby the player used to view the 
5 content and the content itself are wrapped together as a 
single executable object, or multiple objects linked to 
function together only as a single entity. 
2 -A method according to Claim 1 wherein a means of 
enabling and disabling access to the content by use of 
10 various keys is also included within the single 
executable object. 

3. A Method according to any of the preceding claims 
whereby the single executable object is reconstructed 
from a series of smaller blocks which may be provided to 

15 the user on an incremental basis. 

4. A method according to Claim 3 whereby the order of the 
smaller blocks are shuffled before delivery according to 
various key series known to the content provider and the 
successful reconstruction of the executable object is 

20 dependant on provision of the matching keys. 

5. A method according to any of the preceding claims 
whereby the various keys used to control access to the 
content are dependant on the identifying characteristics 
of the user such as a password, or the user's hardware or 

25 software such as the likes of various serial numbers. 

6. A method according to claim 5 whereby parts of the key 
series are determined from characteristics ascertained 
locally during the reconstruction of the single 
executable object from the smaller blocks. 

30 7. A method according to any of the preceding claims 
whereby the various data that comprises the player, 
content or smaller blocks may be further encrypted or 
coded by various standard means. 

8. Apparatus for controlling access to various multimedia 
35 content comprising a single executable object, or 

multiple objects linked to function together only as a 
single entity, itself containing both the playback device 
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and the multimedia content whereby the content may not be 
copied independently of the playback device. 

9. Apparatus according to Claim 8 wherein the single 
executable object is adapted to include a means of 

5 enabling and disabling access to the content by use of 
various keys. 

10. Apparatus whereby the single executable object 
according to Claim 8 or Claim 9 is reconstructed from a 
series of smaller blocks which may be provided to the 

10 user on an incremental basis. 

11. Apparatus according to Claim 10 and so adapted that 
the single executable object is reconstructed from 
smaller blocks which are shuffled before delivery 
according to various key series known to the content 

15 provider and the successful reconstruction of the 
executable object is dependant on provision of the 
matching keys. 

12. Apparatus according to Claim 8 or Claim 9 whereby the 
single executable object is adapted so that the various 

20 keys used to control access to the content are dependant 
on the identifying characteristics of the user such as a 
password, or the user's hardware or software such as the 
likes of various serial numbers. 

13. Apparatus according to Claim 10 or Claim 11 and so 
25 adapted as to determine parts of the key series from 

characteristics ascertained locally during the process of 
reconstruction of the single executable object from the 
smaller blocks. 

14. Apparatus according to Claim 8, Claim 9 or Claim 12 
30 and so adapted wherein the various data that comprises 

the player or content may be further encrypted or coded 
by various standard means. 

15. Apparatus according to Claims 10 to 14 and so adapted 
wherein the various data that comprises the smaller 

35 blocks used to reconstruct the single executable object 
may be further encrypted or coded by various standard 
means . 
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16. A single executable object used to control access to 
various content substantially as herein described above 
and illustrated in the accompanying drawing. 



BNSDOCID: <WO 02052388A2_I_> 



WO 02/052388 



PCT/GB01/05772 




(12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT) 



(19) World Intellectual Property Organization 

International Bureau 

(43) International Publication Date 
4 July 2002 (04.07.2002) 




(10) International Publication Number 

PCT WO 02/052388 A3 



(51) International Patent Classification 7 : G06F 1/00 

(21) International Application Number: PCT/GB0 1/05772 

(22) International Filing Date: 

24 December 2001 (24.12.2001) 



(25) Filing Language: 

(26) Publication Language: 



English 
English 



(30) Priority Data: 

0031663.8 



27 December 2000 (27.12.2000) GB 



(71) Applicant (for all designated Slates except US): INTER- 
NET EXTRA LTD. |GB/GB|; 215 Huntingdon Road, 
Cambridge CB3 0DL (GB). 

(72) Inventors; and 

(75) Inventors/Applicants (for US only): ALDRIDGE, Jane, 
Lesley [GB/GB]; 215 Huntingdon Road, Cambridge CB3 
0DL (GB). GAFFNEY, Philip, Michael [GB/GB]; 215 
Huntingdon Road, Cambridge CB3 0DL (GB). 



(81) Designated States (national): AE, AG, AL, AM, AT, AU, 
AZ, BA, BB, BG, BR, BY, BZ, CA, CH, CN, CO, CR, CU, 
CZ, DE, DK, DM, DZ, EC, EE, ES, Fl, GB, GD, GE, GH, 
GM, HR, HU, ID, IL, IN, IS, JP, KE, KG, KP, KR, KZ, LC, 
LK, LR, LS, LX, LU, LV, MA, MD, MG, MK, MN, MW, 
MX, MZ, NO, NZ, OM, PH, PL, PT, RO, RU, SD, SE, SG, 
SI, SK, SL, TJ, TM, TN, TR, TT, TZ, UA, UG, US, UZ, 
VN, YU,ZA, ZM, ZW. 

(84) Designated States (regional): ARIPO patent (GH, GM, 
KE, LS, MW, MZ, SD, SL, SZ, TZ, UG, ZM, ZW), 
Eurasian patent (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM), 
European patent (AT, BE, CH, CY, DE, DK, ES, Fl, FR, 
GB, GR, IE, IT, LU, MC, NL, PT, SE, TR), OAPI patent 
(BF, BJ, CF, CG, CI, CM, GA, GN, GQ, GW, ML, MR, 
NE, SN, TD, TG). 

Declaration under Rule 4.17: 

— of inventorship (Rule 4. 1 7(iv)) for US only 



Published: 

— with international search report 



[Continued on next page J 



== (54) Title: METHOD AND APPARATUS FOR CONTROLLING ACCESS TO MULTIMEDIA FILES 



< 

00 
00 

m 

o 




(57) Abstract: Apparatus consisting 
of a single executable object, or 
multiple objects acting together, that 
contain multimedia or similar content 
and an associated player that acts to 
control access to the said content. 
The single executable object may be 
provided as a series of smaller blocks, 
the order of which may have been 
shuffled, and reconstructed using a 
key supplied by the content provider. 
The single executable object may 
also contain various key series in 
order to further control access to the 
content where elements of these keys 
may also be derived from identifying 
features provided by the user or the 
user's hardware or software. Keys 
thus derived from locally identified 
features may be incorporated within 
the single executable object as it is 
reconstructed thus ensuring that the 
content may only be viewed or be 
copied as intended by the content 
provider. 
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